Google will phase out third-party cookies in their Chrome browser, which is used by the majority of web users. Google is and remains a advertisement company, so they offered to put in place an alternative that they consider better for privacy, but would still give advertisers information about the current users, they call it FLoC. I won't go too much into detail here, but instead of having your profile stored on the servers of Ad providers, you create your own profile locally, and that profile can be queries with a specific API. So potentially (depending on the implementation) the browsers harvests user data from the sites you visit, independently from the services that might be used on those websites.
Backlash has started now on the internet, with several browsers saying they will not support FLoC, but also Wordpress has entered in the mix, stating that they consider FLoC a security risk, and that Wordpress will contain code that will tell the browser the do not want FLoC data : Proposal: Treat FLoC like a security concern – Make WordPress Core
ImpressCMS aims to be as secure as possible, do you think this would be an option we should have somewhere in the ACP?
A new version of the page is live, with the fast installation rewritten. We now do everything using composer.
We have a program running on HackerOne, and one of the recurring questions is if the hackers there can be compensated for their efforts. As an open source project without a company financially backing us, I don't think offering payment is an option. I was thinking more about t-shirts or other funny/nice gadgets with ImpressCMS branding.
The hackers at hackerone have done a great job, and certainly in the beginning stage, I would like to thank them all with a little something.
The problem I have encountered is that the costs could become astronomically high if we would handle the sending around the world by ourselves. I made a quick check : sending a t-shirt (worth 8-10€) to India for example, would cost me 56€.
Talking with @Mekdrop we discussed drop-shipping services, because those services would take the sending of the items on their account (which would be less of a headache to handle for us as well). However, not all of those services allow for your own things to be printed or created.
I would like to hear experience with drop-shipping services, and also other options we migh not have thought about.
The RC has become a final release - see the news and download!
I just released ImpressCMS 1.4.2 RC. Lots of small bugfixes, most of them security-related. Please have a look and see if it works on your system in your situation. Any bugs? post them on Github, or you can add them here in this forum post as well
Just to make it abundantly clear : from now on, all security-related reports should be logged on Hackerone. The other form will be deactivated.
This year has been challenging, to say the least. People all around the world are having their predictable lives become very unpredictable. Things change every day. Health care systems and workers are being stretched thin to provide care to a growing number of people. Families are being isolated and separated.
Thank you all! Stay safe!
I started an installation page for ImpressCMS v2 to help you out if you want to test the current v2.0 alpha builds. I received feedback that the installation is not that clear, so here is a page that should help out. Feel free to add/adapt where needed : Installing ImpressCMS 2 - Wiki : ImpressCMS
could it be that the file is too large? I admit that 100K is small
I upload the image on : https://github.com/ImpressCMS/impresscms/issues/807 (I can't upload the file here..)
ImpressCMS definitely has multiple editors at its disposal. They can be configured in the 'General Settings' page, more info in the wiki here.
We currently have CKEditor, TinyMCE and an old-skool simple text editor available. At the moment, new editors need to be installed manually on your site, but a PR on Github is waiting for ImpressCMS 2.0 to manage the editors just like the modules and the translations, using Composer.
I can confirm the issues that you have found. I already filed a bug report for the editor administration page, in fact.
When you talk about a database error, do you mean the one on the user page, or is it another one?
Composer version 1.10.17 2020-10-30 22:31:58
PHP 7.4.11 (cli) (built: Sep 29 2020 13:18:06) ( ZTS Visual C++ 2017 x64 )
After successful installation I can't access different functionality,different editors?(I am not sure if impressCMS have a editor). I also receive a database error message.
For functionality that I can't access (see images)
no editors ? :
Great, thanks for confirming that the issue was fixed on your side as well. No problem with slow replies, normal life has its necessities too
I can not even spend a fraction of the time I would like to on ImpressCMS, I sympathize.
yes, we are using the h1 platform, and as of a few minutes ago, we are a public project at https://hackerone.com/impresscms
Feel free to post any security related issues there so we can monitor them more easily.
Final question : Are you using h1 platform? Can I get invite (I plan to test this now after successful installation)
I can login now and the error before is already fix.
Apologize for late reply, I will test this now and I will update you
Hi, I checked on multiple instances and the problem is now gone. The Pull Request is now integrated in the master branch. I plan on doing a new alpha by the end of the week.
There is a possible fix for this, could you test it out on your setup as well? I'll check it on mine before approving the Pull Request, but 2 checks is better than 1